City firms braced for May Day hack attack

Lindsay Clark

The City of London is bracing itself for a wave of hacking attacks to be launched next week as part of the May Day...

Lindsay Clark

The City of London is bracing itself for a wave of hacking attacks to be launched next week as part of the May Day anti-capitalist protests.

Jittery IT directors in financial services firms did not want to talk openly about their security plans, but many are worried that their corporate and e-business systems will be subjected to denial of service attacks.

This form of attack makes a Web site unavailable by bombarding it with electronic requests.

The attack involves hackers using up to tens of thousands of surrogate servers to attack a single site, said DK Matai, managing director of mi2g software.

Matai said denial of service attacks were proven in their capacity to disable systems and would be the favoured method for hackers during next week's expected anti-capitalist attacks.

Amazon and Yahoo!'s Web sites were crippled by such attacks earlier this year.

He said, "What we may see is thousands of servers targeting specific Web sites. With these attacks, protesters get the maximum impact for the time they spend creating malevolent code."

A denial of service attack can be launched with basic software tools available on the Web and the hackers do not need to have any specific knowledge of the victim's systems, aside from the Web address.

Mass attacks are almost impossible to defend against. Although filtering software is available to counteract the attacks, the software used by hackers to launch attacks is becoming more sophisticated, allowing the type of message to morph during attack, bypassing filters.

Security expert Peter Sommer, who is a government special adviser on e-commerce, said the only way businesses could protect themselves was through a massive investment in Web site bandwidth.

He warned that other organisations likely to be targeted by protestors would be those that might be construed to be engaged in unethical business practices.

Senior security architect at city security specialist Information Risk Management Richard Stagg said that IRM's clients in the financial and banking sector were expecting hacking attacks in conjunction with the protests.

British Bankers Association spokesman Brian Capon played down the risk of hacking during the May Day protests. "We cannot rule anything out. Banks are hugely security conscious anyway, but measures are being stepped up."

Recent history of hacking

1996 Hackers bring down Web Communications, which hosts 3,000 Web sites, with SYN flood attacks - a massive flow of connection requests likened to children knocking on a door and running away
1997 Hackers break into Yahoo! and threaten massive destruction if their demands are not met
1998 US Justice Department brings the first federal charges against a hacker - a youth who crashed air traffic control and emergency services systems in Massachussetts
2000 Denial of service attacks bring down Web pioeers Yahoo!, eBay and

Read more on Hackers and cybercrime prevention